Skip to content

Securityvulnerabilityfixes18062026#79

Merged
dawiisss merged 8 commits into
mainfrom
securityvulnerabilityfixes18062026
Jun 18, 2026
Merged

Securityvulnerabilityfixes18062026#79
dawiisss merged 8 commits into
mainfrom
securityvulnerabilityfixes18062026

Conversation

@dawiisss

@dawiisss dawiisss commented Jun 18, 2026

Copy link
Copy Markdown
Owner

Description

Fixing CI
Pushed back to use npm.

dawiisss added 8 commits June 18, 2026 21:51
@dawiisss
fix: add .npmrc with shamefully-hoist for electron-builder compatibility
958fffe
@dawiisss
fix: disable npmRebuild in electron-builder (pnpm handles native builds)
1d65bcf
@dawiisss
fix: add packageManager field so electron-builder detects pnpm
515fbda
@dawiisss
ci: let pnpm/action-setup auto-detect version from packageManager field
529af07
@dawiisss
ci: use pnpm latest instead of pinned version
a973f20
@dawiisss
fix: add package-lock.json for electron-builder dependency resolution
a64b524 
electron-builder needs a recognized lockfile to resolve the dep tree
for packaging. pnpm-lock.yaml isn't detected by electron-builder 26.8.1,
so we keep a dual-lockfile setup:
- pnpm-lock.yaml for pnpm installs and CI
- package-lock.json for electron-builder packaging

Generated with npm install --package-lock-only from the current deps
(dompurify 3.4.11, tldts-experimental 7.4.2, undici 7.28.0).
@dawiisss
revert: switch back to npm for CI and electron-builder
608465e 
pnpm's module resolution caused electron-builder to miss transitive
dependencies (e.g. ms) in the asar, breaking the packaged app at runtime.
npm's flat node_modules + package-lock.json work correctly with
electron-builder 26.x.

- Revert CI workflows to npm ci / npm run
- Restore npmRebuild: true for native module rebuilding
- Remove .npmrc (shamefully-hoist / node-linker config)
- Remove pnpm-workspace.yaml
@dawiisss
chore: remove pnpm-lock.yaml and gitignore pnpm artifacts
4b346d2
@dawiisss dawiisss merged commit b29b846 into main Jun 18, 2026
3 checks passed
@dawiisss dawiisss deleted the securityvulnerabilityfixes18062026 branch June 18, 2026 21:36
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@dawiisss